[pmwiki-users] PmWiki at sourceforge, can it be secured?

Christian Ridderström christian.ridderstrom at gmail.com
Sat Mar 7 16:13:57 CST 2009


Hi,

For the benefit of the LyX project, I and Bo are looking at using 
sourceforge to run the LyX wiki (well, actually the web site).

At sourceforge, we have to store the wiki pages under a 'persistent' 
directory. Now, while setting up a test site, I checked and noticed the 
following unfortunate behaviour.

* It's possible for one project, 'A', to run a PHP-script that can
   write to the persistent directory of project 'B'.

Ooops.

Does anyone know of a workaround for this?

Is using MySql for storing the pages the a solution? Will that be safe?

/Christian

-- 
Christian Ridderström				Mobile: +46-70 687 39 44


More information about the pmwiki-users mailing list